IN THE CLAIMS:

Please add new claims 13 through 17. Please amend the following claims as 
indicated. This listing of claims replaces all prior versions, and listings of claims in the 
application. 

1. (Currently amended) A controlled multicast system, including an Ethernet
switch and a multicast router, where the Ethernet switch connects with each host of a user in
a downlink, connects with the multicast router in an uplink, the multicast router connects with
a multicast router of other systems in the uplink, the Ethernet switch implementing multicast
exchange of a layer 2, an IGMP V2 protocol is adopted as group management protocol
between the Ethernet switch and the host of the user; wherein the controlled multicast system
further comprises:

a portal server, connecting with the multicast router and providing an interface of user
access authentication; and an AAA authentication server, storing configuration of privilege
for the host which wants to join in the multicast group;

The multicast router and the authentication server adopting a Client-server structure
by which the authentication server authenticates identification of the host to join in a
multicast group with information inputted through the interface provided by the portal server,
and the multicast router records a User ID and a corresponding vlan ID of the authenticated
host and then distributes control commands according to results of the authentication to
control multicast forwarding operations of the Ethernet switch.

That connect with the multicast router; the portal server acting as an interface of user
access authentication, the AAA server being used for storing configuration of privilege for the
user to join in a multicast group; the multicast router cooperating with the AAA server
together to implement privilege authentication for the user to join in the multicast group, and
distributing control commands according to results of the authentication to control multicast
forwarding operations of the Ethernet switch.

2. (Currently amended) The controlled multicast system according to claim 1, a
RADIUS+ protocol extended from a RADIUS (Remote Authentication Dial In User
Service) AAA protocol is adopted as communication protocol between the multicast router
and the authentication AAA server; a group management protocol HGMP (Huawei Group
Management Protocol) is used as a control protocol between the Ethernet switch and the
multicast router.

Docket No. 56815.0200
Customer No. 30734
PATENT

3. (Currently amended) The controlled multicast system according to claim 1,
wherein the authentication server is an AAA (authorization and Authentication) server.

A method for implementing a controlled multicast, comprises: implementing access
authentication first; then an Ethernet switch classifying a vlan according to a port and
handling an IGMP message from a host, implementing user identification authentication for
joining in a multicast group, and a multicast router handling the IGMP message; in
succession, the multicast router controlling the Ethernet switch for multicast forwarding,
between which the HGMP protocol is used as a control protocol of the controlled multicast;
after that, the Ethernet switch disposing a HGMP control message and forwarding a multicast
flow; the host leaving the multicast group and making corresponding processes after finishing
the forwarding operation.

4. (Currently amended) The controlled multicast system according to claim 1, 
wherein configuration of privilege comprises a corresponding relation between the User ID of 
the host and an address of multicast group in which the host wants to join; 

the information inputted through the interface provided by the portal server comprises 
the User ID and a password; 

each port through which the host is connected to the Ethernet switch is a vlan port; 

wherein the authentication server in the system further for, after receiving an extended 
RADIUS authentication message from the multicast router, of which attributes include the 
User ID as the user name and the address of multicast group in which the host wants to join, 
detecting whether to accept the host joining in the multicast group based on the configuration 
of privilege; 

responding with an acceptance message to the multicast router if the host has suitable 
privilege, otherwise returning a reject message; 

wherein the multicast router in the system further for, after receiving an IGMP
Membership Report message from the Ethernet switch, according to the vlan ID in the 
message, searching the corresponding User ID in a multicast access privilege table of the 
multicast router, and then sending the said extended RADIUS authentication message, to the 
authentication server; 

after receiving the acceptance message from the authentication server, writing the 
address of the multicast group in which the host can join into the said multicast access 
privilege table, and implementing a routine disposal on join messages of the host, then 
generating a Join message, which comprises the vlan ID corresponding to the port that links 
with the host which wants to join in the multicast group, the address of the multicast group 
that is applied for, and a Join command field, and then transmitting to the Ethernet switch; 
moreover, completing a routine processing of creating multicast forwarding tree on the IGMP 
Membership Report message; doing nothing after receiving the reject message; 

the Ethernet switch for, forwarding the IGMP Membership Report message from the 
host, wherein the IGMP Membership Report message forwarded to the multicast router port 
carries with the vlan ID of the host; 

after receiving the Join message from the multicast router, searching the MAC 
address corresponding to the address of the multicast group in the forwarding table; if the 
entry corresponding with the MAC address is found, obtaining the port number of the host 
via searching in the forwarding table with the vlan ID in the Join message, and then adding
the port number into the said entry; if nothing is found, adding an entry in the forwarding 
table, which comprises the MAC address corresponding to the multicast address, the port 
number of the host which applies to join in the multicast group, and the port number of the 
multicast router connected with the Ethernet switch; 

after receiving a multicast flow from the multicast router, forwarding it to ports of the
Ethernet switch with the current forwarding table.

The method according to claim 3, wherein the step of implementing access authentication
comprises:

(1) when accessing a network, the host inputting an authentication information
that includes a User ID and a password first through an interface provided by a portal server,
and a AAA server authenticating identification of the host with the information; once the
authentication is successful, the multicast router recording the User ID and a corresponding
vlan ID of the host in a multicast access privilege table of the user;

the step of the Ethernet switch classifying the vlan according to the port and handling
the IGMP message from the host comprises,

(2) classifying the vlan according to the ports, with one vlan for each port, and
linking one port to one host; searching a Content Addressable Memory (CAM) table with a
destination MAC address of the IGMP message sent by the host and forwarding the said
IGMP message, of which forwarding process is same with that of a unicast message: if the
port corresponding to the destination MAC address is found, forwarding the multicast
message to the port, otherwise forwarding the multicast message to all the ports;

the step of implementing user identification authentication for joining in the multicast
group, and handling the IGMP message by the multicast router comprises,

(3) after receiving an IGMP Membership Report message, according to the vlan
ID in the message, the multicast router finding the corresponding USER ID and the host to
which the IGMP Membership Report message belongs through searching in the multicast
access privilege table of the user recorded in step (1), and then sending an extended RADIUS
authentication message which includes the user ID just found as the user name and the
address of multicast group in which the host wants to join as an attribute, to the AAA server
for authentication;

the AAA server determining whether to accept the user based on services of the user;
if the user has the suitable privilege, responding with an acceptance message, otherwise
returning a reject message; after receiving the reject message, the multicast router doing nothing,
but if receiving the acceptance message, the multicast router writing the address of the
multicast group in which the user can join into the multicast access privilege table of the user,
and implementing a routine disposal on join messages of the host, then generating and
transmitting a HGMP Join message to the Ethernet switch, which comprises the vlan ID
corresponding to the port that links with the host which wants to join in the multicast group,
the address of the multicast group that is applied for, and a Join command field; moreover,
the multicast router also completing a routine processing of creating multicast forwarding tree
on the IGMP Membership Report message just like an ordinary multicast router does;

(4) managing generation and deletion of an entry in the CAM table at the Ethernet
switch by the multicast router; while allowing the host to join in the multicast group, the
multicast router sending the HGMP join message that includes the vlan ID of the host which
applies to join in the multicast group and the address of the multicast group applied for to the
Ethernet switch; when the multicast router wants to terminate the host joining in the multicast
group, the multicast router transmitting a HGMP Leave message which comprises the vlan ID
of the host which leaves the multicast group and the address of the multicast group where the
host leaves;

the step of the Ethernet switch disposing the HGMP control message comprises,

after receiving the HGMP Join message, the Ethernet switch searching the
CAM table with the MAC address corresponding to the address of the multicast group; if the
entry corresponding with the address is found, the Ethernet switch obtaining the port number
of the host via searching the CAM table with the vlan ID in the HGMP Join message, and
then adding the port number into the said entry; if nothing is found, adding an entry in the
CAM table, which comprises the MAC address corresponding to the multicast address, the
port number of the host which applies to join in the multicast group, and the port number of
the multicast router connected with the Ethernet switch;

after receiving the HGMP Leave message, the Ethernet switch obtaining the entry
through looking up the CAM table with the MAC address corresponding to the multicast
address of the multicast group, and getting the port number of the host through searching with
the vlan ID, and then deleting the said port number from the said entry, if the said port
number is the solely port of the said entry, deleting the whole entry;

the step of forwarding of the multicast flow comprises,

(6) when receiving the multicast flow sent from the multicast source, the
multicast router forwarding the multicast flow to an egress based on a CAM table; when
handling the IGMP Membership Report message of the host, the multicast router creating a
multicast forwarding egress according to the real port of the Ethernet switch, and sending
only one copy of the multicast flow to the Ethernet switch;

the step of the host leaving the multicast group comprises,

(7) after finishing the multicast and wanting to leave the multicast group, the host
sending an IGMP Leave message; after receiving the IGMP Leave message, the multicast
router extracting the vlan ID from the message, and obtaining corresponding entry via
searching in the multicast access privilege table created in step (1) with the vlan ID, then
deleting the address of the multicast group indicated by the IGMP Leave message in the
entry; after completing a routine disposal on leave messages, the multicast router generating
the HGMP Leave message and sending to the Ethernet switch, which includes the vlan ID of
the host which wants to leave group, the address of multicast group where the host wants to
leave and a Leave command field.

5. (Currently amended) The method according to claim 3, wherein the CAM
table and the unicast forwarding table of the Ethernet switch are shared.

The controlled multicast system according to claim 1, wherein the multicast router in the
system further for,
after receiving an IGMP Leave message, extracting the vlan ID from the message, and 
obtaining corresponding entry in the multicast access privilege table via searching with the 
vlan ID, then deleting the address of the multicast group indicated by the IGMP Leave 
message in the entry; 

after completing a routine disposal on leave messages of the host, generating a Leave 
message and sending to the Ethernet switch, which includes the vlan ID of the host which 
wants to leave the multicast group, the address of multicast group where the host wants to 
leave and a Leave command field; 

the Ethernet switch further for, after receiving the Leave message from the multicast 
router, obtaining the entry through looking up the forwarding table with the MAC address 
corresponding to the multicast address of the multicast group, and getting the port number of 
the host with the vlan ID in the Leave message, and then deleting the said port number from 
said entry. 

6. (Currently amended) The method according to claim 3, wherein, during the
messages forwarding, adopting a vlan protocol between the port of the multicast router and
the Ethernet switch.

The controlled multicast system according to claim 1, wherein the multicast router in the
system further for, after knowing offline status of the host, actively generating the Leave
message and sending to the Ethernet switch; moreover terminating the multicast flow
transmission.

7. (Currently amended) The method according to claim 3, in step (6) there is no
vlan ID in a multicast data packet of the multicast flow sent from the multicast router.

A method for implementing a controlled multicast, comprising:

A. in advance, according to ports of an Ethernet switch, classifying vlan with one
vlan for each port, and linking one port to the host;

making access authentication for a host which wants to join in a multicast group, if
the authentication is successful, executing step B, otherwise ending;

B. forwarding an IGMP Membership Report message from the host by the
Ethernet switch;

C. detecting whether to accept the host joining in the multicast group, if it is,
generating a Join message to control establishing of an entry in a forwarding table of the
Ethernet switch by a multicast router, and forwarding a multicast flow from the multicast
router according to the current forwarding table by the Ethernet switch; otherwise ending.

8. (Currently amended) The method according to claim 3, in step (7) of leaving
from the multicast group can also be implemented via following means which comprises,
once the multicast router knows offline status of the user, the multicast router actively
sending the HGMP Leave message to terminate multicast flow transmission to the host,
which is same with that of processing on the IGMP Leave message.

The method for implementing a controlled multicast according to claim 7, for the host
which wants to leave the multicast group, the method further comprising, forwarding an
IGMP Leave message from the host by the Ethernet switch; generating a Leave message to
control deleting the entry of the host in the forwarding table after the multicast router
receives the IGMP Leave message.

9. (Currently amended) The method according to claim 3, further comprises
controlling the multicast sender, which includes when the host transmits data to the multicast
group, the first receiver among the multicast routers filtering the data message with a
multicast Access Control List (ACL), and forwarding the data message that satisfies the
requirements in the ACL to the multicast tree.

The method for implementing a controlled multicast according to claim 7, further
comprising, actively generating the Leave message to control deleting the entry of the host in
the forwarding table by the multicast router once knowing offline status of the host, and
terminating the multicast flow transmission.

10. (Currently amended) The method according to claim 9, wherein the multicast
ACL is distributed to each multicast router by a centralized multicast service control server;
the step of controlling the sender is accomplished with the multicast ACL by the multicast
router, meanwhile the multicast service control server also acts as the AAA server.

The method for implementing a controlled multicast according to claim 7, in step A, the
said step of making access authentication for a host which wants to join in the multicast group
comprises,

in advance, storing configuration of privilege for hosts which want to join in the 
multicast group in an authentication server that connects with the multicast router, wherein 
the configuration of privilege includes a corresponding relation between a User ID of the host 
and an address of multicast group in which the host wants to join; 

inputting information including the User ID and a password through an interface 
provided by a portal server, and authenticating identification of the host with the information 
by the authentication server; 

recording the User ID of the host and a corresponding vlan ID of the host in a 
multicast access privilege table by the multicast router after the authentication is successful; 

the step B further comprises, 

if the port corresponding to the destination MAC address in the IGMP Membership 
Report message is found in the forwarding table, forwarding to the found port, otherwise 
forwarding to all ports; wherein the IGMP Membership Report message forwarded to the 
multicast router port carries with vlan ID of the host; 

the step C further comprises, 

C1. after the multicast router receives the IGMP Membership Report message,
searching the User ID of the host in the multicast access privilege table based on the vlan ID
in the IGMP Membership Report message; then sending an extended RADIUS authentication
message which includes the User ID just found as the user name and the address of multicast
group in which the host wants to join as the attribute, to the authentication server; detecting
whether to accept the host joining in the multicast group by the authentication server
according to the configuration of privilege;

If the host has suitable privilege, responding with an acceptance message to 
the multicast router by the authentication server, and then executing step C2, otherwise 
returning a reject message; the multicast router does nothing and ends after receiving the 
reject message; 

C2. after the multicast router receives the acceptance message, writing the 
address of the multicast group in which the host can join into the said multicast access 
privilege table, and implementing a routine disposal on join messages of the host, then 
generating a Join message, which comprises the vlan ID corresponding to the port that links 
with the host which wants to join in the multicast group, the address of the multicast group 
that is applied for, and a Join command field, and then transmitting to the Ethernet switch; 
moreover, completing a routing processing of creating multicast forwarding tree on the IGMP 
Membership Report message; 

C3. searching the MAC address corresponding to the address of the
multicast group in the forwarding table by the Ethernet switch; if the entry corresponding
with the MAC address is found, obtaining the port number of the host via the vlan ID in the
Join message, and then adding the port number into the said entry; if nothing is found, adding
an entry in the forwarding table, which comprises the MAC address corresponding to the
multicast address, the port number of the host which applies to join in the multicast group,
and the port number of the multicast router connected with the Ethernet switch;

C4. sending only one copy of the multicast flow to the Ethernet switch by 
the multicast router. 

11. (Currently amended) The method according to claim 9, wherein the multicast
ACL is distributed to each multicast router by a centralized multicast service control server;
the step of controlling the sender is accomplished with the multicast ACL by the multicast
router, meanwhile the multicast service control server also acts as the AAA server.

The method for implementing a controlled multicast according to claim 8, the step of
forwarding an IGMP Leave message from the host further comprises, forwarding the IGMP
Leave message from the host based on the current forwarding table; wherein the IGMP Leave
message forwarded to the multicast router carries with the vlan ID of the host;

the step of generating a Leave message to control deleting the entry of the host in the 
forwarding table further comprises, 

after the multicast router receives the IGMP Leave message, extracting the vlan ID 
from the message, and obtaining corresponding entry via searching in the multicast access 
privilege table with the vlan ID, then deleting the address of the multicast group indicated by 
the IGMP Leave message in the entry of the multicast access privilege table; completing a 
routine disposal on leave messages of the host, and then generating a Leave message and 
sending to the Ethernet switch, which includes the vlan ID of the host which wants to leave 
the group, the address of multicast group where the host wants to leave and a Leave 
command field; 

after the Ethernet switch receives the Leave message, obtaining the entry through 
looking up the forwarding table with the MAC address corresponding to the multicast address 
of the multicast group, and getting the port number of the host with the vlan ID in the Leave 
message, and then deleting the said port number from the said entry. 

12. (Currently amended) The method according to claim 9, wherein the multicast
ACL can also be distributed by a centralized policy server or a network manager.

The method for implementing a controlled multicast according to claim 11, the step of
generating a Leave message to control deleting the entry of the host in the forwarding table
further comprises, if the deleted port is the solely port of the said entry in the forwarding
table, further deleting the whole entry.

13. (New) The method for implementing a controlled multicast according to
claim 7, during the messages forwarding, adopting a vlan protocol between the multicast
router port and the Ethernet switch.

14. (New) The method for implementing a controlled multicast according to
claim 7, the method further comprises filtering data messages sent by a multicast sender
with a multicast Access Control List (ACL) through the first receiver among the multicast
routers, and forwarding the data messages that satisfy the requirements in the ACL to the
multicast tree.

15. (New) The method for implementing a controlled multicast according to 
claim 14, wherein the multicast ACL comprises a command word, a source address and a 
group address. 

16. (New) The method for implementing a controlled multicast according to
claim 14, wherein the multicast ACL is distributed to each multicast router by a centralized
multicast service control server; meanwhile the multicast service control server also acts as
the authentication server.

17. (New) The method for implementing a controlled multicast according to 
claim 14, wherein the multicast ACL can also be distributed by a centralized policy server or 
a network manager. 
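
The join and leave control flow recited in claims 4, 5, 7, 10 and 12, modeled as an added Python example that is not part of the filing: the router keys authorization on the vlan ID (one vlan per switch port) instead of anything the host supplies, and only an accepted request reaches the switch forwarding table. All class, method and field names and the sample users, vlans and groups are hypothetical; the group-to-MAC mapping is the standard IPv4 multicast mapping, which the claims do not spell out.

```python
# Added illustration; names and sample data are constructed, not from the filing.
import ipaddress

def group_mac(group):
    """Standard IPv4 multicast mapping: 01:00:5e plus the low 23 bits of the group."""
    ip = ipaddress.IPv4Address(group)
    if not ip.is_multicast:
        raise ValueError(f"{group} is not a multicast address")
    low23 = int(ip) & 0x7FFFFF
    return "01:00:5e:%02x:%02x:%02x" % (low23 >> 16, (low23 >> 8) & 0xFF, low23 & 0xFF)

class AuthServer:
    """Configuration of privilege: User ID -> set of groups the host may join."""
    def __init__(self, privileges):
        self.privileges = privileges
    def authorize(self, user_id, group):
        return group in self.privileges.get(user_id, set())

class Switch:
    """One vlan per host port; forwarding table maps group MAC -> set of ports."""
    def __init__(self, vlan_to_port, router_port):
        self.vlan_to_port, self.router_port = vlan_to_port, router_port
        self.fwd = {}
    def on_join(self, vlan_id, group):
        # A new entry starts with the router port; the host port is then added.
        entry = self.fwd.setdefault(group_mac(group), {self.router_port})
        entry.add(self.vlan_to_port[vlan_id])
    def on_leave(self, vlan_id, group):
        mac = group_mac(group)
        entry = self.fwd.get(mac)
        if entry is None:
            return
        entry.discard(self.vlan_to_port[vlan_id])
        if entry <= {self.router_port}:   # last host port removed: delete whole entry
            del self.fwd[mac]

class Router:
    """Holds the multicast access privilege table: vlan ID -> user and joined groups."""
    def __init__(self, auth, switch):
        self.auth, self.switch = auth, switch
        self.table = {}
    def record_login(self, vlan_id, user_id):
        # Called only after access authentication through the portal succeeds.
        self.table[vlan_id] = {"user": user_id, "groups": set()}
    def on_membership_report(self, vlan_id, group):
        row = self.table.get(vlan_id)
        if row is None or not self.auth.authorize(row["user"], group):
            return False                  # unknown vlan or reject message: do nothing
        row["groups"].add(group)
        self.switch.on_join(vlan_id, group)
        return True
    def on_igmp_leave(self, vlan_id, group):
        row = self.table.get(vlan_id)
        if row and group in row["groups"]:
            row["groups"].discard(group)
            self.switch.on_leave(vlan_id, group)
    def on_offline(self, vlan_id):
        # Router-initiated Leave for every group of a host known to be offline.
        row = self.table.pop(vlan_id, None)
        for group in (row["groups"] if row else ()):
            self.switch.on_leave(vlan_id, group)

def demo():
    auth = AuthServer({"alice": {"239.1.1.1"}, "bob": {"239.1.1.1"}})
    sw = Switch({10: 1, 20: 2, 30: 3}, router_port=24)
    r = Router(auth, sw)
    r.record_login(10, "alice")
    r.record_login(20, "bob")
    reports = [(10, "239.1.1.1"), (20, "239.1.1.1"), (20, "239.2.2.2"), (30, "239.1.1.1")]
    results = [r.on_membership_report(v, g) for v, g in reports]
    after_join = {mac: sorted(ports) for mac, ports in sw.fwd.items()}
    r.on_igmp_leave(10, "239.1.1.1")
    r.on_offline(20)
    return results, after_join, dict(sw.fwd)
```

In `demo()`, the third report is refused because the user lacks privilege for that group and the fourth because vlan 30 never passed access authentication, so neither produces a forwarding entry.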